[Openswan Users] openswan missing ipsec interfaces in ifconfig

Peter Farrow peter at farrows.org
Fri Nov 25 13:17:10 CET 2005


Hi There,

I have been using freeswan for many years and recently upgraded to 
openswan, since I am now using Centos 4.2.

I have configured my tunnels on my LAN and they are up, as I have tested 
them ok, going out from my home to my office.  The office server runs 
freeswan with Centos 3.6.

I can ping stuff on the LAN in the office ok.

I can't ping stuff at home from the office because my firewall is 
blocking it.  When I investigated further I noticed that the IPSEC 
interfaces are missing on the home Centos 4.2 firewall, and the 
firewall logs claim that it is dropping packets that are coming in on 
eth0 (the outside interface) from the private LAN ip in the office 
destined for my private LAN ip at home.  This is bizarre, because I 
would expect to see an IPSEC0 interface and would expect the ESP 
protocol and port 500 accepts in the firewall to do the job (as they do 
on the freeswan box running a very similar firewall).

Is this normal behaviour? Is no ipsec interface expected in ifconfig with 
openswan?

I am running

openswan-2.4.4-1
on Centos 4.2 with a 2.6.9-22.0.1.EL kernel

Ipsec look gives me this output (no ipsec interfaces!!!!):

Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         xxx.21.120.9    0.0.0.0         UG        0 0          0 eth0
10.198.3.0      xxx.21.120.9    255.255.255.0   UG        0 0          0 eth0
10.198.4.0      xxx.21.120.9    255.255.255.0   UG        0 0          0 eth0
192.168.12.0    xxx.21.120.9    255.255.255.0   UG        0 0          0 eth0
xxx.21.120.8    0.0.0.0         255.255.255.248 U         0 0          0 eth0

Note that eth0 is the outside interface and there are tunnels to 
10.198.3, 10.198.4 and 192.168.12; note that no ipsec interfaces appear.

On the freeswan box on centos 3.6 in the office I get this which is 
entirely expected with ipsec interfaces:

Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         xxx.46.151.185  0.0.0.0         UG        0 0          0 eth0
10.198.0.0      xxx.46.151.185  255.255.254.0   UG        0 0          0 ipsec0

(10.198.0 is my ip address range at home)

Can anyone shed any light on this for me?

Regards

Pete
